Installing TC As Non-Admin Falls At Last Hurdle

The behaviour described in the bug report is either by design, or would be far too complex/time-consuming to be changed

Moderators: white, Hacker, petermad, Stefan2

User avatar
Phred
Senior Member
Senior Member
Posts: 375
Joined: 2009-06-16, 15:24 UTC
Location: SEAu

Installing TC As Non-Admin Falls At Last Hurdle

Post by *Phred »

Not specific to 9.2xm but true, anyway. Bug or suggestion.

When installing TC either as a full install or update from a standard user, everyday, non-admin account, from a running instance of TC, install proceeds, offering choices to install either as an update or as a normal installation, then shows an alert that the program is already running, offering 'Choose Next to close the program ...'.

After 'Next..', it closes the running TC, then proceeds to install, but after a some seconds stops, unable to open '...KEYBOARD.TXT for writing!'.
Dialogs follow, closing all instances of TC programs.

Reproduce: install from TC in a non-admin, everyday, account/context.

Expected behaviour: Allow TC-setup to close running instance(s)/files, present the normal UAC elevation prompt, and proceed to install - as is common with other program installations.

[UPDATE] I notice that the installer doesn't even prompt for UAC elevation when run from (Windows') File Manager. It fails every time.
Regards, PhredE
Licence holder since 1999
Awaiting a $D donors-token for the title-bar so we can display that we have donated further.
User avatar
Dalai
Power Member
Power Member
Posts: 9364
Joined: 2005-01-28, 22:17 UTC
Location: Meiningen (Südthüringen)

Post by *Dalai »

TC can be installed as regular user just fine, of course limited to the directories users can write to (e.g. C:\totalcmd or %UserProfile%). To be able to do so means that TC setup should only trigger UAC when the user is in the adminstrators group. This is done via TC setup's manifest which has level="highestAvailable" set). If you want to install TC for all users (e.g. in %ProgramFiles%), run TC setup as admin. Simple as that.

Regards
Dalai
#101164 Personal licence
Ryzen 5 2600, 16 GiB RAM, ASUS Prime X370-A, Win7 x64

Plugins: Services2, Startups, CertificateInfo, SignatureInfo, LineBreakInfo - Download-Mirror
User avatar
Phred
Senior Member
Senior Member
Posts: 375
Joined: 2009-06-16, 15:24 UTC
Location: SEAu

True, But Really...

Post by *Phred »

Dalai wrote:TC can be installed as regular user just fine, of course limited to the directories users can write to (e.g. C:\totalcmd or %UserProfile%). To be able to do so means that TC setup should only trigger UAC when the user is in the adminstrators group. This is done via TC setup's manifest which has level="highestAvailable" set). If you want to install TC for all users (e.g. in %ProgramFiles%), run TC setup as admin. Simple as that.

Regards
Dalai
Yes, of course, Dalai, but really - install an executable as powerful as TC off the root or in an insecure AppData branch? In 2018 CE? You must like living dangerously.
You've heard of the recent Zacinlo Ad Fraud vector (a rootkit), ransomware attacks, RAM pounding, local and remote, viruses of many many kinds, crypto-mining and address hijacks, even persistent system and router reprogramming?
We're not in Kansas anymore.

I must admit that provision of c:\totalcmd in the install package still holds me incredulous. Surely it's not the intention of Ghisler, GmbH to advocate its own installation memes outside of Microsoft's safer recommendations of installing software other than in C:\Program Files ~\ so that security is deprecated extraordinarily? I couldn't quite understand that, if it is.

Yes, there are many self-confessed geeks here and using TC, but it's a general-usage file management utility, and we'd likely expect that the Ghisler co. doesn't really want to jeopardise their systems. I imagine it will change.

After all, the structures that have matured under Windows have evolved for a reason, and in these days of OSs-as-a-service and permanent internet connection, it has to be, foremost, security.

The vast majority of mainstream programs now install in %ProgramFiles% and their setup routines prompt for admin permissions. Ordinary users far prefer this arrangement these days to the totally open machines of the 20th century, CE.
Regards, PhredE
Licence holder since 1999
Awaiting a $D donors-token for the title-bar so we can display that we have donated further.
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) »

Currently the installer uses level="highestAvailable", so non-admin users can still install TC to a directory like c:\Totalcmd, which does not require admin rights.

It would be better to first collect user data with normal rights and then ask for admin rights. Unfortuantely this would require a lot of changes, so I cannot add it quickly.
Author of Total Commander
https://www.ghisler.com
User avatar
Dalai
Power Member
Power Member
Posts: 9364
Joined: 2005-01-28, 22:17 UTC
Location: Meiningen (Südthüringen)

Post by *Dalai »

Phred wrote:Yes, of course, Dalai, but really - install an executable as powerful as TC off the root or in an insecure AppData branch? In 2018 CE? You must like living dangerously.
I don't, although some people say I do because I don't use anti-virus software. But I digress. I always install TC to %ProgramFiles% on all of my own computers and those of my customers. I even made a suggestion to change the default installation directory to %ProgramFiles% a long time ago (can't find the corresponding thread unfortunately). But Ghisler didn't change it because he has some valid points, and I can understand and respect them.

Regarding your malware stuff: If you've heard about them you're tech-savvy enough to know it's better to install to %ProgramFiles% anyway.

So, your criticism is directed at the wrong target. I just pointed out the situation as it is now. Suggest a change of the default install dir to %ProgramFiles% and I'll be happy to support it. But keep in mind that it's not so easy to keep the ability to install without admin privileges then; this requires some major changes as Ghisler already pointed out (but maybe it's time to switch to InnoSetup ;)).

Regards
Dalai
#101164 Personal licence
Ryzen 5 2600, 16 GiB RAM, ASUS Prime X370-A, Win7 x64

Plugins: Services2, Startups, CertificateInfo, SignatureInfo, LineBreakInfo - Download-Mirror
User avatar
Hacker
Moderator
Moderator
Posts: 13052
Joined: 2003-02-06, 14:56 UTC
Location: Bratislava, Slovakia

Post by *Hacker »

Phred,
Perhaps slightly OT, but what is insecure about installing programs outside of Program Files?

TIA
Roman
Mal angenommen, du drückst Strg+F, wählst die FTP-Verbindung (mit gespeichertem Passwort), klickst aber nicht auf Verbinden, sondern fällst tot um.
User avatar
Stefan2
Power Member
Power Member
Posts: 4132
Joined: 2007-09-13, 22:20 UTC
Location: Europa

Post by *Stefan2 »

Hacker wrote:Phred,
Perhaps slightly OT, but what is insecure about installing programs outside of Program Files?

TIA
Roman
Everyone and every program has write access and for example a program can modify his own code by downloading an update.
Program Files on the other hand is write protected after the installation and need elevated admin rights to alter the files in that folder, so the user would be prompted for rights.

For well know programs like TC, one can give write access for USERS to TCs folder as default.
(Then you have broken that (pseudo) security, but won some convenience, as you, TC and the plugins have write permissions now)


That's the basic idea.
Of course that ProgramFiles-security is only true for attacks not really really want to hack you.
Like "better than nothing" for the average user, ...but this consideration is really OT.





 
User avatar
Dalai
Power Member
Power Member
Posts: 9364
Joined: 2005-01-28, 22:17 UTC
Location: Meiningen (Südthüringen)

Post by *Dalai »

Hacker wrote:Phred,
Perhaps slightly OT, but what is insecure about installing programs outside of Program Files?
Well, any program, including malicious ones can manipulate other programs which are located in %UserProfile% (or any other user-writable location). Malicious software might even abuse other programs for their own (malicious) purposes, e.g. to stay undetected by anti-virus software. It's also important to note that administrators really don't like programs that are writable by users.

Regards
Dalai
#101164 Personal licence
Ryzen 5 2600, 16 GiB RAM, ASUS Prime X370-A, Win7 x64

Plugins: Services2, Startups, CertificateInfo, SignatureInfo, LineBreakInfo - Download-Mirror
User avatar
Hacker
Moderator
Moderator
Posts: 13052
Joined: 2003-02-06, 14:56 UTC
Location: Bratislava, Slovakia

Post by *Hacker »

Stefan2,
Everyone and every program has write access and for example a program can modify his own code by downloading an update.
Program Files on the other hand is write protected after the installation and need elevated admin rights to alter the files in that folder, so the user would be prompted for rights.
I still fail to see the danger.

Roman
Mal angenommen, du drückst Strg+F, wählst die FTP-Verbindung (mit gespeichertem Passwort), klickst aber nicht auf Verbinden, sondern fällst tot um.
User avatar
Horst.Epp
Power Member
Power Member
Posts: 6449
Joined: 2003-02-06, 17:36 UTC
Location: Germany

Post by *Horst.Epp »

Hacker wrote:Stefan2,
Everyone and every program has write access and for example a program can modify his own code by downloading an update.
Program Files on the other hand is write protected after the installation and need elevated admin rights to alter the files in that folder, so the user would be prompted for rights.
I still fail to see the danger.

Roman
The danger comes if you let trojans or viruses running on your system.
But then its no longer your system anyway.
I started many years ago to store all my tools under c:\tools
most of it are portable. I never had any security problems.
As a system admin I still prefered the default windows places . :)
Windows 11 Home x64 Version 23H2 (OS Build 22631.3374)
TC 11.03 x64 / x86
Everything 1.5.0.1371a (x64), Everything Toolbar 1.3.2, Listary Pro 6.3.0.69
QAP 11.6.3.2 x64
User avatar
JesperRed
Junior Member
Junior Member
Posts: 19
Joined: 2017-07-07, 10:12 UTC

Re: Installing TC As Non-Admin Falls At Last Hurdle

Post by *JesperRed »

Hi
I'm not very technical, but I have always wondered why TC wants to install directly in the root and not as must program in "Program Files", why not follow the standard?

From a user perspective it is very strange that I can't install TC due to the error "Could not open file C:\....."
Why don't I get a message about I need to install as Admin.
(of course the best would be if it "just worked" as Non-Admin)
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Re: Installing TC As Non-Admin Falls At Last Hurdle

Post by *ghisler(Author) »

That's mainly for historical reasons - TC exists much longer than "Program files"! It's also difficult to change that now, due to older plugins failing when installed to a read only directory.
Author of Total Commander
https://www.ghisler.com
User avatar
wanderer
Power Member
Power Member
Posts: 1573
Joined: 2003-03-28, 14:35 UTC
Location: Sol

Re: Installing TC As Non-Admin Falls At Last Hurdle

Post by *wanderer »

@ghisler
Like Dalai, i also install tc under "Program Files". I also understand the reasons for not changing the default install location. How about adding 2 extra buttons in the dialog then? Each can simply set the path in the textbox either to "C:\totalcmd" or to "%ProgramFiles%\TotalCmd" accordingly. That way the user will avoid manually typing it. And if you decide to do so, may i suggest "%ProgramFiles%\TotalCmd" as a default option (more modern)?
- Wanderer -

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Normally using latest TC on:
x32: WinXPx32 SP3
x64: Clients/Servers from Win7 to Win11 and Win2K12Srv to Win2K22Srv, mainly Win10 though.
User avatar
Usher
Power Member
Power Member
Posts: 1675
Joined: 2011-03-11, 10:11 UTC

Re: Installing TC As Non-Admin Falls At Last Hurdle

Post by *Usher »

I think that the path should depend on TC bitness. You can't run 32-bit apps under "C:\Program Files" in 64-bit Windows. I don't know how system virtualization will work when you run 32+64 TC installer.
Andrzej P. Wozniak
Polish subforum moderator
User avatar
wanderer
Power Member
Power Member
Posts: 1573
Joined: 2003-03-28, 14:35 UTC
Location: Sol

Re: Installing TC As Non-Admin Falls At Last Hurdle

Post by *wanderer »

Usher wrote: 2018-08-09, 18:42 UTC You can't run 32-bit apps under "C:\Program Files" in 64-bit Windows.
Not true. I always install tc there and have no problem running both versions (under Win7 at least).
- Wanderer -

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Normally using latest TC on:
x32: WinXPx32 SP3
x64: Clients/Servers from Win7 to Win11 and Win2K12Srv to Win2K22Srv, mainly Win10 though.
Post Reply